Re: [Exim] pri/sec MX on same machine to catch spam

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: jvanasco
Fecha:  
A: Wakko Warner
Cc: exim-users
Asunto: Re: [Exim] pri/sec MX on same machine to catch spam
fyi:

one of the guys in my office has a _very_ public email address. you
wouldn't believe the amount of spam he gets

i've got sa-exim compiled in, and its rejecting spams 30 or above

when i tail the rejectlog occasionally, i'm amazed at some of the
redundancy

some spammers have been going on 1month plus, several times a day,
spamming the same message that is temp-failed

i think that greylisting idea is more apt to inconvenience real users
than it will hurt spammers


On Thursday, July 17, 2003, at 09:31 AM, Wakko Warner wrote:

> This idea hit me the other day.
>
> This would only work if you have 2 IPs. Here's what I came up with.
>
> A messages (non-spam) comes into the primary. The primary adds the
> host (or
> host/sender) to a database and returns 4xx codes to every rcpt.
> Properly
> configured mailservers are supposed to try the secondary. So the same
> message goes to the secondary. If the host (or host/sender) has
> already
> been seen by the primary, accept it (and possibly mark it so that the
> primary will accept it).
>
> Some spammers will hit the primary once and never try again. Since
> the host
> hasn't been seen before, the message won't come through. Some
> spammers will
> only hit the secondary server. If they do, the secondary will check
> the DB
> and if it hasn't seen this host, assume it's a spam and blacklist.
>
> Just remember, in the above, the primary and secondary are on the same
> machine with multiple IPs. This would also work if it was on 2
> different
> machines as long as they can share info in realtime and not go down.
>
> Of course, this won't work for RFC compliant MTAs that are open relays.
>
> Thoughts?
>
> --
> Lab tests show that use of micro$oft causes cancer in lab animals
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> Exim details at http://www.exim.org/ ##
>